Main menu

Post navigation

Android devices seen covertly sending location data to Google

An investigation by Quartz has revealed that Android devices send cell tower location data to Google even if the user has incapacitated locating services for apps in their device settings.

Quartz also said it observed location data being sent even if devices had been reset to factory default settings. Android devices with a cellular data or a wi-fi connect were ensure to send the data to Google each time they came within range of a new cell tower — including devices with no SIM cards installed( these offloaded the location data via wi-fi, where available ).

It says there is currently no way for Android users to prevent their locating data regarding being sent to ad targeting giant Google — short of removing SIMs from their devices and disabling wi-fi( or else leaving the devices inside a faraday enclosure ).

After creating its findings with Google, Quartz reports that a company spokesperson told it the cell tower location data harvesting has been going on for the past 11 months, and that cell tower addresses be listed in info sent to the system it uses to manage push notifications and messages on Android devices.

The spokesperson further claimed the location data was never employed or stored. And Google added that it intends to end the practice by the end of November, having had the location tracking issue flagged to it by Quartz.

“In January of this year, we began looking into using Cell ID codes as an additional signal to improve the speed and performance of message delivery, ” the Google spokesperson said. “However, we never incorporated Cell ID into our network sync system, so that data was immediately disposed, and we updated it to no longer request Cell ID.”

Whatever the reason Google was experimenting with harvesting Android users’ locating info, it’s another troubling instance of the company slurping up sensitive user data without constructing people explicitly aware it’s doing so — let alone devoting users controls to opt out of another major invasion of their privacy.

Back in October, for example, a number of Google Home Mini devices were depicted to have malfunctioned and been persistently recording audio in the background in their owners’ homes, instead of merely waking up when a specific trigger word was used.

After that snafu gained press attention, Google said it would remove the touch top function on the device — blaming that hardware for a malfunction that had triggered near continuous recording of users’ domestic goings on. As it’s now blaming engineering experimentation for Android covertly harvesting locating data.

Location data is highly sensitive personal data from which much can be inferred about a person’s life and lifestyle, especially given the rule for mobile devices is to accompany the user wherever they run. And while cell tower locating data isn’t necessarily hugely precise, triangulation of multiple cell towers can be used to calculate a more exact location.

So even if message speed and performance could be enhanced by the Android OS knowing a user’s cell tower place, Google should at least be asking people to opt in to that location-tracking improvement and/ or providing them with a style to opt out.

Google’s privacy policy does include the following section on “location information”( below) which states that users of “Google services” may have their locating data collected, including cell tower data — though the linked examples Google uses refer to specific Google apps, like Google Maps, rather than to the Android OS itself; while the linked instance on wi-fi access phases and cell towers talks merely in terms of place data being collected for users who have enabled Google’s Location Services( not persistently, because you are using the Android OS ):

According to Quartz’s findings, the location tracking did not seem limited to particular Android telephones or tablets. It says Google was apparently collecting cell tower data from all modern Android devices.

It further quotes information sources very well known the issues specifying that the cell tower address were being sent to Google after an early 2017 change to the Firebase Cloud Messaging service that’s owned by Google and runs on Android phones by default.

While this is notable as an instance of Google itself, Android’s platform controller, apparently caught covertly tracking users’ place via the OS, this time last year a range of budget Android smartphones sold in the US were found to be secretly sending personal data to a third party company are stationed in China — including information about users’ locations.

Albeit in that case the culprit was commercial firmware pre-installed on the devices, rather than the Android OS itself, as here.